-rw-r--r--client/wallet.pod6
-rw-r--r--perl/Wallet/Kadmin.pm2
-rw-r--r--perl/Wallet/Kadmin/Heimdal.pm16
-rw-r--r--perl/Wallet/Kadmin/MIT.pm14
-rwxr-xr-xserver/wallet-backend6
5 files changed, 23 insertions, 21 deletions
diff --git a/client/wallet.pod b/client/wallet.pod
index 6451e72..9908bb1 100644
--- a/client/wallet.pod
+++ b/client/wallet.pod
@@ -374,9 +374,9 @@ Keytab objects support the following attributes:
Restricts the generated keytab to a specific set of encryption types. The
values of this attribute must be enctype strings recognized by Kerberos
-(strings like C<aes256-cts> or C<des-cbc-crc>). Note that the salt should
-not be included; since the salt is irrelevant for keytab keys, it will
-always be set to C<normal> by the wallet.
+(strings like C<aes256-cts-hmac-sha1-96> or C<des-cbc-crc>). Note that
+the salt should not be included; since the salt is irrelevant for keytab
+keys, it will always be set to C<normal> by the wallet.
If this attribute is set, the specified enctype list will be passed to ktadd
when get() is called for that keytab. If it is not set, the default set in
diff --git a/perl/Wallet/Kadmin.pm b/perl/Wallet/Kadmin.pm
index 5c01ee3..65ddf4b 100644
--- a/perl/Wallet/Kadmin.pm
+++ b/perl/Wallet/Kadmin.pm
@@ -63,7 +63,7 @@ Wallet::Kadmin - Kadmin module wrapper for wallet keytabs
my $kadmin = Wallet::Kadmin->new ();
$kadmin->addprinc ("host/shell.example.com");
- $kadmin->ktadd ("host/shell.example.com", "aes256-cts");
+ $kadmin->ktadd ("host/shell.example.com", "aes256-cts-hmac-sha1-96");
my $exists = $kadmin->exists ("host/oldshell.example.com");
$kadmin->delprinc ("host/oldshell.example.com") if $exists;
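Review bot: The updated synopsis line passes the enctype as the second argument to ktadd, but the method reference in Heimdal.pm and MIT.pm documents `ktadd(PRINCIPAL, FILE, ENCTYPES)`. Kadmin.pm's own method documentation is outside this hunk, so this is inferred; if the three-argument form is the real interface, anyone copying the example hands the enctype string to the FILE parameter. Since the line is being edited anyway, consider `$kadmin->ktadd ("host/shell.example.com", "/path/to/keytab", "aes256-cts-hmac-sha1-96");`. The same two-argument synopsis line appears in the Heimdal.pm and MIT.pm hunks of this commit.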
diff --git a/perl/Wallet/Kadmin/Heimdal.pm b/perl/Wallet/Kadmin/Heimdal.pm
index 2ca8dcd..428202b 100644
--- a/perl/Wallet/Kadmin/Heimdal.pm
+++ b/perl/Wallet/Kadmin/Heimdal.pm
@@ -1,7 +1,7 @@
# Wallet::Kadmin::Heimdal -- Heimdal Kadmin interactions for the wallet.
#
# Written by Jon Robertson <jonrober@stanford.edu>
-# Copyright 2009 Board of Trustees, Leland Stanford Jr. University
+# Copyright 2009, 2010 Board of Trustees, Leland Stanford Jr. University
#
# See LICENSE for licensing terms.
@@ -238,7 +238,7 @@ Wallet::Kadmin::MIT - MIT admin interactions for wallet keytabs
my $kadmin = Wallet::Kadmin::MIT->new ();
$kadmin->addprinc ("host/shell.example.com");
- $kadmin->ktadd ("host/shell.example.com", "aes256-cts");
+ $kadmin->ktadd ("host/shell.example.com", "aes256-cts-hmac-sha1-96");
my $exists = $kadmin->exists ("host/oldshell.example.com");
$kadmin->delprinc ("host/oldshell.example.com") if $exists;
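Review bot: The synopsis in Heimdal.pm still constructs `Wallet::Kadmin::MIT->new ()`, and the hunk header shows this file's NAME text as `Wallet::Kadmin::MIT - MIT admin interactions for wallet keytabs`. The POD looks copied from MIT.pm without being renamed. The context line should read `my $kadmin = Wallet::Kadmin::Heimdal->new ();`, and the NAME entry, which lies outside the hunk, should presumably be corrected the same way. An administrator following the example on a Heimdal site would otherwise load the MIT backend.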
@@ -282,10 +282,11 @@ reality.
=item ktadd(PRINCIPAL, FILE, ENCTYPES)
-Creates a new keytab for the given principal, as the given file, limited to
-the enctypes supplied. The enctype values must be enctype strings recognized
-by Kerberos (strings like C<aes256-cts> or C<des-cbc-crc>). An error is
-thrown on failure or if the creation fails, otherwise true is returned.
+Creates a new keytab for the given principal, as the given file, limited
+to the enctypes supplied. The enctype values must be enctype strings
+recognized by Kerberos (strings like C<aes256-cts-hmac-sha1-96> or
+C<des-cbc-crc>). An error is thrown on failure or if the creation fails,
+otherwise true is returned.
=back
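Review bot: The rewritten ktadd description keeps `des-cbc-crc` as its second example enctype, which points readers at single-DES keys. Single DES is weak enough that RFC 6649 deprecates it for Kerberos, so an example copied into an enctypes restriction would produce a keytab with the least protection available. I would use `C<aes128-cts-hmac-sha1-96>` as the second example, or add a sentence saying DES enctypes should be listed only where a legacy peer requires them. The same example appears in the MIT.pm ktadd hunk and in the enctypes attribute text in client/wallet.pod and server/wallet-backend. Separately, "An error is thrown on failure or if the creation fails" states the same condition twice and could be reduced to "An error is thrown on failure".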
@@ -305,7 +306,6 @@ from L<http://www.eyrie.org/~eagle/software/wallet/>.
=head1 AUTHORS
-Russ Allbery <rra@stanford.edu>
-Jon Robertson <jonrober@stanford.edu>
+Russ Allbery <rra@stanford.edu> and Jon Robertson <jonrober@stanford.edu>.
=cut
diff --git a/perl/Wallet/Kadmin/MIT.pm b/perl/Wallet/Kadmin/MIT.pm
index c3ad901..49691b0 100644
--- a/perl/Wallet/Kadmin/MIT.pm
+++ b/perl/Wallet/Kadmin/MIT.pm
@@ -2,7 +2,8 @@
#
# Written by Russ Allbery <rra@stanford.edu>
# Pulled into a module by Jon Robertson <jonrober@stanford.edu>
-# Copyright 2007, 2008, 2009 Board of Trustees, Leland Stanford Jr. University
+# Copyright 2007, 2008, 2009, 2010
+# Board of Trustees, Leland Stanford Jr. University
#
# See LICENSE for licensing terms.
@@ -233,7 +234,7 @@ Wallet::Kadmin::MIT - MIT admin interactions for wallet keytabs
my $kadmin = Wallet::Kadmin::MIT->new ();
$kadmin->addprinc ("host/shell.example.com");
- $kadmin->ktadd ("host/shell.example.com", "aes256-cts");
+ $kadmin->ktadd ("host/shell.example.com", "aes256-cts-hmac-sha1-96");
my $exists = $kadmin->exists ("host/oldshell.example.com");
$kadmin->delprinc ("host/oldshell.example.com") if $exists;
@@ -277,10 +278,11 @@ reality.
=item ktadd(PRINCIPAL, FILE, ENCTYPES)
-Creates a new keytab for the given principal, as the given file, limited to
-the enctypes supplied. The enctype values must be enctype strings recognized
-by Kerberos (strings like C<aes256-cts> or C<des-cbc-crc>). An error is
-thrown on failure or if the creation fails, otherwise true is returned.
+Creates a new keytab for the given principal, as the given file, limited
+to the enctypes supplied. The enctype values must be enctype strings
+recognized by Kerberos (strings like C<aes256-cts-hmac-sha1-96> or
+C<des-cbc-crc>). An error is thrown on failure or if the creation fails,
+otherwise true is returned.
=back
diff --git a/server/wallet-backend b/server/wallet-backend
index 448f175..2b58255 100755
--- a/server/wallet-backend
+++ b/server/wallet-backend
@@ -558,9 +558,9 @@ Keytab objects support the following attributes:
Restricts the generated keytab to a specific set of encryption types. The
values of this attribute must be enctype strings recognized by Kerberos
-(strings like C<aes256-cts> or C<des-cbc-crc>). Note that the salt should
-not be included; since the salt is irrelevant for keytab keys, it will
-always be set to C<normal> by the wallet.
+(strings like C<aes256-cts-hmac-sha1-96> or C<des-cbc-crc>). Note that
+the salt should not be included; since the salt is irrelevant for keytab
+keys, it will always be set to C<normal> by the wallet.
If this attribute is set, the specified enctype list will be passed to ktadd
when get() is called for that keytab. If it is not set, the default set in